The following ACI can be used to grant any member of the "cn=admins,ou=groups,dc=example,dc=com" group to add, modify and delete entries, reset passwords and read operational attributes such as isMemberOf and password policy state:

aci: (targetattr="+")(version 3.0; acl "Administrators can read, search or compare operational attributes";
allow (read,search,compare) groupdn="ldap:///cn=admins,ou=groups,dc=example,dc=com";)
aci: (targetattr="*")(version 3.0; acl "Administrators can add, modify and delete entries";
allow (all) groupdn="ldap:///cn=admins,ou=groups,dc=example,dc=com";)